Re: FATAL: Kernel too old

[Bryan Andersen]

Richard B. Johnson wrote:
> On Fri, 6 Feb 2004, Charles Cazabon wrote:
>
>
> > Richard B. Johnson <root@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > > Script started on Fri Feb  6 15:44:32 2004
> > > # rlogin -l johnson quark
> > > ATAL: kernel too old
> > > # rlogin -l johnson quark
> > > ATAL: kernel too old
> >
> > I saw something similar at a customer's site, when someone rooted the box and
> > replaced the default login shell with a rootkitted/backdoored one in a newer
> > executable format not supported by the old kernel.
> >
> >
> > > I crashed it and it rebooted fine, little fsck activity, with
> > > nothing in any logs that shows there was any problem whatsoever.
> >
> > Did the problem go away with a reboot?
>
> Sure. And if you can 'root' that machine, you are really
> good! It isn't even visible to most of the company internally!

You never know what your fellow employees will do...  Where there is a 
will there is a way.

If you don't think it got rooted, what did you or other employees do 
recently on that machine that would cause software to be changed?  Did 
anybody do any upgrades?  Unless you can confirm an alternate 
explanation then I'd assume it was rooted.  If the machine was upgraded 
by downloading from the net, was the site you downloaded from secure? 
Just because a machine is behind many fire walls doesn't mean that it 
can't be rooted.

- Bryan


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/